[U-Boot] [PATCH v2 00/17] import x509/pkcs7 parsers from linux
AKASHI Takahiro
takahiro.akashi at linaro.org
Mon Oct 28 01:44:39 UTC 2019
On Fri, Oct 25, 2019 at 07:07:32PM +0900, AKASHI Takahiro wrote:
> # This patch set should be merged first prior to my rsa extension patch
> # due to some dependency. I plan to send out a new version of rsa
> # extension next week.
>
> Asn1 parsers of x509 certificates and pkcs7 messages are required
> to implement image authentication and variable authentication as
> part of UEFI secure boot feature.
>
> As we discussed before in the thread[1], most people insisted that
> we should re-use corresponding source code from Linux repository
> for this purpose.
>
> Here is my attempt to import all the necessary files from Linux; those
> will eventually be part of UEFI secure boot implementation, but I'd like
> to get early feedback from other people before submitting the whole
> patchset so that they will be better formatted for merging.
>
> My approach here is
> * files from the latest Linux
> * modify files as little as possible
> * mark/protect unavoidable changes with "#if(n)def __UBOOT__"
> so that future fixes/differences in Linux repository will easily
> be applied to U-Boot.
>
> Known issues:
> * checkpatch.pl
> Checkpatch.pl will complain with a bunch of warnings/errors but
> I intentionally left them unchanged for the sake of better
> maintainability I said above.
>
> * unit test
> I'm still waiting for feedback from Tom[2] regarding how we should
> enable "unit test" for ASN1 compiler/decoder on sandbox and others
> in Travis CI.
>
> * Travis CI
> It is still running against this very version, but I'm sure I have
> fixed all the issues (as long as Heinrich's [3] is applied);
> I will let you know the result on Monday.
All Travis CI tests have passed.
-Takahiro Akashi
> Any comments will be appreciated.
> -Takahiro Akashi
>
> [1] https://lists.denx.de/pipermail/u-boot/2019-April/366423.html
> [2] https://lists.denx.de/pipermail/u-boot/2019-October/387734.html
> [3] https://lists.denx.de/pipermail/u-boot/2019-October/385643.html
>
> Changes in v2 (Oct 25, 2019)
> * revise commit messages, describing what files are modified or not.
> * move kmemdup() in ubifs.c to linux_compat.c for general use (patch#1)
> * add patch#2
> * move date.c to lib/ for general use (patch#3)
> * implement mktime64() with rtc_mktime() (patch#4)
> * move asn1_compiler.c to tools/ (patch#7)
> * change CONFIG_BUILD_ASN1 to CONFIG_ASN1_COMPILER (patch#7)
> * add clean rule to asn1_compiler-generated files to clean targets (patch#8)
> * change CONFIG_ASN1 to CONFIG_ASN1_DECODER (patch#9)
> * add README for asn1 compiler/decoder (patch#10)
> * move build_oid_registry to scripts/ (patch#11)
> * shuffle the order of patches (patch#13,#14,#15)
> * add a new config CONFIG_RSA_PUBLIC_KEY_PARSER so that it can be
>   compiled in independently (patch#13)
> * modify Kconfig dependency (patch#13,#14,#15)
> * add unit test (patch#16,#17)
>
> Changes in v1 (Oct 11, 2019) from RFC
> * change the kernel code base from v5.0 to v5.3
> * add preparatory patches (#1, #2 and #3)
> * comment off x509_check_for_self_signed() which is not useful
> for UEFI secure boot (patch#9)
> * improve usages of "#if(n)def __UBOOT__" to minimize differences
> between U-Boot and linux kernel
>
> AKASHI Takahiro (17):
> linux_compat: move kmemdup() from ubifs.c to linux_compat.c
> rtc.h: add struct udevice declaration
> rtc: move date.c from drivers/rtc/ to lib/
> lib: add mktime64() for linux compatibility
> include: kernel.h: include printk.h
> linux/time.h: include vsprintf.h
> cmd: add asn1_compiler
> Makefile: add build script for asn1 parsers
> lib: add asn1 decoder
> doc: add README for asn1 compiler and decoder
> lib: add oid registry utility
> lib: crypto: add public key utility
> lib: crypto: add rsa public key parser
> lib: crypto: add x509 parser
> lib: crypto: add pkcs7 message parser
> test: add lib specific Kconfig
> test: add asn1 unit test
>
> Makefile | 1 +
> cmd/Kconfig | 1 +
> doc/README.asn1 | 40 +
> drivers/rtc/Kconfig | 1 +
> drivers/rtc/Makefile | 1 -
> fs/ubifs/ubifs.c | 19 +-
> include/crypto/internal/rsa.h | 57 +
> include/crypto/pkcs7.h | 47 +
> include/crypto/public_key.h | 90 ++
> include/keys/asymmetric-type.h | 88 ++
> include/linux/asn1.h | 65 ++
> include/linux/asn1_ber_bytecode.h | 89 ++
> include/linux/asn1_decoder.h | 20 +
> include/linux/kernel.h | 2 +-
> include/linux/oid_registry.h | 117 +++
> include/linux/time.h | 11 +
> include/rtc.h | 2 +
> lib/Kconfig | 17 +
> lib/Makefile | 20 +
> lib/asn1_decoder.c | 527 ++++++++++
> lib/crypto/Kconfig | 52 +
> lib/crypto/Makefile | 49 +
> lib/crypto/asymmetric_type.c | 668 ++++++++++++
> lib/crypto/pkcs7.asn1 | 135 +++
> lib/crypto/pkcs7_parser.c | 693 +++++++++++++
> lib/crypto/pkcs7_parser.h | 65 ++
> lib/crypto/public_key.c | 376 +++++++
> lib/crypto/rsa_helper.c | 198 ++++
> lib/crypto/rsapubkey.asn1 | 4 +
> lib/crypto/x509.asn1 | 60 ++
> lib/crypto/x509_akid.asn1 | 35 +
> lib/crypto/x509_cert_parser.c | 697 +++++++++++++
> lib/crypto/x509_parser.h | 57 +
> lib/crypto/x509_public_key.c | 292 ++++++
> {drivers/rtc => lib}/date.c | 23 +-
> lib/linux_compat.c | 17 +
> lib/oid_registry.c | 179 ++++
> scripts/Makefile.build | 4 +-
> scripts/build_OID_registry | 203 ++++
> test/Kconfig | 8 +-
> test/lib/Kconfig | 23 +
> test/lib/Makefile | 2 +
> test/lib/asn1.c | 392 +++++++
> tools/Makefile | 3 +
> tools/asn1_compiler.c | 1611 +++++++++++++++++++++++++++++
> 45 files changed, 7030 insertions(+), 31 deletions(-)
> create mode 100644 doc/README.asn1
> create mode 100644 include/crypto/internal/rsa.h
> create mode 100644 include/crypto/pkcs7.h
> create mode 100644 include/crypto/public_key.h
> create mode 100644 include/keys/asymmetric-type.h
> create mode 100644 include/linux/asn1.h
> create mode 100644 include/linux/asn1_ber_bytecode.h
> create mode 100644 include/linux/asn1_decoder.h
> create mode 100644 include/linux/oid_registry.h
> create mode 100644 lib/asn1_decoder.c
> create mode 100644 lib/crypto/Kconfig
> create mode 100644 lib/crypto/Makefile
> create mode 100644 lib/crypto/asymmetric_type.c
> create mode 100644 lib/crypto/pkcs7.asn1
> create mode 100644 lib/crypto/pkcs7_parser.c
> create mode 100644 lib/crypto/pkcs7_parser.h
> create mode 100644 lib/crypto/public_key.c
> create mode 100644 lib/crypto/rsa_helper.c
> create mode 100644 lib/crypto/rsapubkey.asn1
> create mode 100644 lib/crypto/x509.asn1
> create mode 100644 lib/crypto/x509_akid.asn1
> create mode 100644 lib/crypto/x509_cert_parser.c
> create mode 100644 lib/crypto/x509_parser.h
> create mode 100644 lib/crypto/x509_public_key.c
> rename {drivers/rtc => lib}/date.c (81%)
> create mode 100644 lib/oid_registry.c
> create mode 100755 scripts/build_OID_registry
> create mode 100644 test/lib/Kconfig
> create mode 100644 test/lib/asn1.c
> create mode 100644 tools/asn1_compiler.c
>
> --
> 2.21.0
>